<?php


namespace app\middleware;

use think\Request;
use \Closure;

/**校验请求
 * Class Auth
 * @package app\middleware
 */
class Auth
{
    /**
     * @param Request $request
     * @param Closure $next
     * @return mixed
     */
    public function handle(Request $request, Closure $next)
    {
        header('Content-Type: text/html;charset=utf-8');
        header('Access-Control-Allow-Origin:*'); // *代表允许任何网址请求
//        header('Access-Control-Allow-Methods:POST,GET,OPTIONS,DELETE'); // 允许请求的类型
        header('Access-Control-Allow-Methods:POST'); // 允许请求的类型
        header('Access-Control-Allow-Credentials: true'); // 设置是否允许发送 cookies
        header('Access-Control-Allow-Headers: Content-Type,Content-Length,Accept-Encoding,X-Requested-with, Origin,Authorization'); // 设置允许自定义请求头的字段
        // 校验请求方式
        if (!$request->isPost()) return jsonFail('不允许的请求方式');
//         校验参数签名
        if (checkSign($request->param()) == false) return jsonFail('参数验签失败');
//         校验token
        $token = $request->header('authorization');
        if ($token == null) return jsonFail('缺少token');
        if ('123456' != $token) return jsonFail('token验证失败');

        return $next($request);
    }
}